Truenas Setup
- 5 mins read
Prerequisites
Background
I have a Proxmox setup on an old Xeon server with TrueNAS Scale running as VM. But with my new WTR PRO, I wanted to explore using docker for my containers instead of LXCs (Linux Containers). I am keeping the Proxmox running as backup and planned on terraforming the Proxmox installation in the future.
I installed TrueNAS ElectricEel-24.10.1 on this bad boy and will document the docker containers I’m going to deploy.
WARNING:
Do not enable apt if you don’t know what you’re doing. It can destroy the appliance.
$ sudo mount -o remount,rw 'boot-pool/ROOT/24.10.1/usr' $ sudo chmod +x /usr/bin/apt* $ sudo chmod +x /usr/bin/dpkg $ wget -qO- https://raw.githubusercontent.com/eza-community/eza/main/deb.asc | sudo gpg --dearmor -o /etc/apt/keyrings/gierens.gpg $ echo "deb [signed-by=/etc/apt/keyrings/gierens.gpg] http://deb.gierens.de stable main" | sudo tee /etc/apt/sources.list.d/gierens.list $ sudo chmod 644 /etc/apt/keyrings/gierens.gpg /etc/apt/sources.list.d/gierens.list $ sudo apt update $ sudo apt install eza vim ncdu $ curl -s https://ohmyposh.dev/install.sh | bash -s
Update ~/.profile
eval "$(oh-my-posh init bash)" # aliases alias la='eza -la --icons=always' alias ls='eza -a --icons=always' alias ll='eza -l --icons=always' alias lt='eza -a --tree --level=1 --icons=always'
Portainer
I installed Portainer Community Edition from the community Train. It’s available by default and I only need to click Discover Apps to reveal itself. It’s a box-standard setup where you need to fill up the UI for Portainer, Network, Storage and Resources Configuration. It’s running on 2 CPUs with 4096 MB of RAM. The rest of the containers are stack deployment within portainer.
Authelia
I have configuration.yml, users_database.yml and notification.txt on the mounted volume so its persistent.
services: authelia: image: authelia/authelia container_name: authelia restart: always volumes: - /mnt/fast/authelia/config:/config ports: - 9091:9091 environment: - TZ=Europe/London
Filebrowser
services: filebrowser: image: filebrowser/filebrowser:latest container_name: filebrowser environment: - PUID=568 - PGID=568 - TZ=Europe/London ports: - 8084:80 volumes: - /mnt/fast:/srv/fast:rw - /mnt/tank0:/srv/tank0:rw - /mnt/fast/filebrowser/config/settings.json:/config/settings.json restart: unless-stopped security_opt: - no-new-privileges:true networks: {}
Gitea
services: server: image: docker.io/gitea/gitea container_name: gitea environment: - USER_UID=568 - USER_GID=568 restart: always volumes: - /mnt/fast/gitea:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: - 3000:3000 - 222:22
I have to use a custom config file since it’s running on a non-standard SSH port.
❯ cat ~/.ssh/config Host 192.168.x.x Port 222 User git
Heimdall
services: heimdall: image: lscr.io/linuxserver/heimdall:latest container_name: heimdall environment: - PUID=999 - PGID=999 - TZ=Europe/Lond volumes: - /mnt/fast/heimdall/config:/config ports: - 7980:80 - 7943:443 restart: unless-stopped
HomeAssistant
services: homeassistant: container_name: homeassistant image: lscr.io/linuxserver/homeassistant:latest network_mode: host environment: - PUID=999 - PGID=999 - TZ=Europe/London ports: - 8123:8123 volumes: - /mnt/fast/homeassistant/config:/config - /etc/localtime:/etc/localtime:ro - /run/dbus:/run/dbus:ro restart: always
Immich
This is the most challenging container to setup. In my Proxmox, I have a bare-metal installation of this since I don’t have success mounting volumes inside the LXC container.
services: immich-server: container_name: immich-server image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} volumes: - ${UPLOAD_LOCATION}:/usr/src/app/upload - /etc/localtime:/etc/localtime:ro env_file: - stack.env ports: - '2283:2283' depends_on: - redis - database restart: always user: 3002:568 healthcheck: disable: false immich-machine-learning: container_name: immich-machine-learning image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release} volumes: - model-cache:/cache env_file: - stack.env restart: always user: 568:568 healthcheck: disable: false redis: container_name: immich-redis image: docker.io/redis:6.2-alpine@sha256:eaba718fecd1196d88533de7ba49bf903ad33664a92debb24660a922ecd9cac8 healthcheck: test: redis-cli ping || exit 1 restart: always database: container_name: immich-postgres image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0 environment: POSTGRES_PASSWORD: ${DB_PASSWORD} POSTGRES_USER: ${DB_USERNAME} POSTGRES_DB: ${DB_DATABASE_NAME} POSTGRES_INITDB_ARGS: '--data-checksums' volumes: - ${DB_DATA_LOCATION}:/var/lib/postgresql/data healthcheck: test: >- pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1; Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1 interval: 5m start_interval: 30s start_period: 5m command: >- postgres -c shared_preload_libraries=vectors.so -c 'search_path="$$user", public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB -c wal_compression=on restart: always volumes: model-cache:
I have the following on my stack.env deployed using Portainer’s web editor.
# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables # The location where your uploaded files are stored UPLOAD_LOCATION=/mnt/tank0/immich # The location where your database files are stored DB_DATA_LOCATION=/mnt/fast/postgres14 TZ=Europe/London IMMICH_VERSION=v1.120.1 DB_USERNAME=postgres DB_DATABASE_NAME=immich DB_PASSWORD=YOUR_STRONG_PASSWORD
Navidrome
services: navidrome: image: deluan/navidrome:latest user: 568:568 ports: - 4533:4533 restart: unless-stopped environment: ND_SCANSCHEDULE: 1h ND_LOGLEVEL: info ND_SESSIONTIMEOUT: 24h ND_BASEURL: "" volumes: - /mnt/fast/navidrome/data:/data - /mnt/tank0/data/media/music:/music:ro
Nextcloud
services: nextcloud: image: lscr.io/linuxserver/nextcloud:latest container_name: nextcloud environment: - PUID=568 - PGID=568 - TZ=Europe/London volumes: - /mnt/fast/nextcloud/config:/config - /mnt/fast/nextcloud/data:/data ports: - 4443:443 restart: unless-stopped
Nginx Proxy Manager
services: proxy: image: jc21/nginx-proxy-manager:latest container_name: nginx-proxy network_mode: bridge restart: always environment: - PUID=568 - PGID=568 - TZ=Europe/London ports: - 8081:81 - 8443:443 volumes: - /mnt/fast/nginx/data:/data - /mnt/fast/nginx/letsencrypt:/etc/letsencrypt ddns: image: favonia/cloudflare-ddns:latest container_name: cloudflare-ddns restart: always read_only: true cap_drop: [all] security_opt: [no-new-privileges:true] environment: - CLOUDFLARE_API_TOKEN=GET_THIS_FROM_YOUR_CLOUDFLARE_ACCOUNT - DOMAINS=lekat.uk,auth.lekat.uk - PROXIED=true - IP6_PROVIDER=none
Pihole
networks: dns_net: driver: bridge ipam: config: - subnet: 172.16.8.0/24 services: pihole: container_name: pihole hostname: pihole image: pihole/pihole:latest networks: dns_net: ipv4_address: 172.16.8.7 ports: - 53:53/tcp - 53:53/udp - 81:80/tcp environment: TZ: Europe/London WEBPASSWORD: STRONG_PASSWORD PIHOLE_DNS_: 172.16.8.8#5053 volumes: - /mnt/fast/pihole:/etc/pihole - /mnt/fast/pihole/dnsmasq.d:/etc/dnsmasq.d restart: unless-stopped unbound: container_name: unbound image: mvance/unbound:latest networks: dns_net: ipv4_address: 172.16.8.8 volumes: - /mnt/fast/pihole/unbound:/opt/unbound/etc/unbound ports: - 5053:53/tcp - 5053:53/udp healthcheck: test: ["NONE"] restart: unless-stopped
I edited the unbound.conf to remove the zone configurations.
########################################################################### # FORWARD ZONE ########################################################################### #include: /opt/unbound/etc/unbound/forward-records.conf ########################################################################### # LOCAL ZONE ########################################################################### # Include file for local-data and local-data-ptr #include: /opt/unbound/etc/unbound/a-records.conf #include: /opt/unbound/etc/unbound/srv-records.conf ########################################################################### # WILDCARD INCLUDE ########################################################################### #include: "/opt/unbound/etc/unbound/*.conf"
PostgreSQL
services: db: container_name: postgresql image: postgres:17.2-bullseye environment: - POSTGRES_USER=postgres - POSTGRES_PASSWORD=STRONG_PASSWORD ports: - 5432:5432 restart: always volumes: - /mnt/fast/postgres17:/var/lib/postgresql/data command: >- bash -c "apt-get update && apt-get install -y postgresql-17-pgvector && docker-entrypoint.sh postgres -c shared_preload_libraries=vector -c 'search_path=\"$$user\",public,vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB -c wal_compression=on"
Trilium
services: trilium: container_name: trilium image: triliumnext/notes:v0.90.4 restart: always environment: - TRILIUM_DATA_DIR=/home/node/trilium-data - USER_GID=1000 ports: - 8082:8080 volumes: - /mnt/fast/trilium/notes:/home/node/trilium-data